NO. 20060410
 
MS06-007 TCP/IP IGMP v3 DOS Vulnerability

CVE ID: CVE-2006-0021

 

Affected Products:

 

* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

* Microsoft Windows XP Professional x64 Edition

* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack

* Microsoft Windows Server 2003 for Itanium-based Systems

* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

* Microsoft Windows Server 2003 x64 Edition

 

Details:

By sending a specially crafted IGMP packet to a vulnerable system, an attacker can cause the vulnerable system stop to responding, causing DoS (Denial of Service) attack. Though Windows Firewall is able to protect against attacks employing a unicast IGMP v3 packet, it can not protect against an attack employing multicast IGMP v3 packet.

 

BroadWeb BSST's Suggestions:

 

1.      Follow firewall best practices, which recommend that hosts connected to the Internet have a minimal number of ports exposed.

 

2.      Upgrade signature pattern to version 3.42, which includes:

   #1052277_EXPLOIT IGMP v3 DoS Vulnerability - 1(MS06-007)

   #1052278_EXPLOIT IGMP v3 DoS Vulnerability - 2(MS06-007)

 

Reference:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0021

http://www.microsoft.com/technet/security/Bulletin/MS06-007.mspx

 

 

Broadweb Security Service Team (BSST) - Empower Your Network Security Broadweb NetKeeper Intruder Prevention System delivers the protection against intrusion, worms, DDOS, Instant messaging, P2P, Web-Mail, and Web Post.

Copyright © BroadWeb Corporation All rights reserved. [Contact Us]
BSST,Broadweb Security Service Team